by L3g3nd4ry on Sat Aug 06, 2011 6:58 pm ([msg=60636]see SQL Injection: Help me find a site to hack[/msg])

I have recently being learning SQL Injection, but can't find any sites that don't have protection against SQLIn. Does anybody know of any sites with SQL Injection vulnerabilities, a method of finding vulnerable sites, or a site with a "sanbox", where you can mess around and test things out? Yes I know, SQL Injection.... I'm a n00b... But hey, you gotta start somewhere... Thanks for any answers.

by mShred on Sat Aug 06, 2011 7:04 pm ([msg=60637]see Re: SQL Injection: Help me find a site to hack[/msg])

L3g3nd4ry wrote:I have recently being learning SQL Injection, but can't find any sites that don't have protection against SQLIn. Does anybody know of any sites with SQL Injection vulnerabilities, a method of finding vulnerable sites, or a site with a "sanbox", where you can mess around and test things out? Yes I know, SQL Injection.... I'm a n00b... But hey, you gotta start somewhere... Thanks for any answers.

You can always set up your own vulnerable server and test that. You can always use Google hacks to find sites that have similar parameters as many vulnerable sites. But don't go being a skiddie.

by tremor77 on Wed Aug 17, 2011 7:54 am ([msg=60939]see Re: SQL Injection: Help me find a site to hack[/msg])

Warfreak2 wrote:If you don't have any nails, put down the hammer. Don't go around hitting other people just for the fun of it.

That said, if you do find an SQL injection vulnerability in a website, you should contact the administrator so they can fix it, before you go around telling people about it.

Well put. And I might add instead of just learning SQL Injection go about entirely learning SQL. One of the best ways to learn about how to hack code is to write the code and be as thorough as possible in developing it to prevent attacks. Then go about testing your work. I would challenge you to write a mini CMS in PHP that has user logins with access to a textarea web editor that edits and saves dynamically generated pages into your database.. make it hacker proof while keeping it functional and user friendly. Learning to 'prevent' SQL injection in your code is the best way to learn SQL injection.